4.9

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-52970

GHSA ID

GHSA-g8xg-6v3j-w97f

EPSS Score

0.2886%

CWE

CWE-1038

Published

3/9/2025

Updated

3/9/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-52970

CVE-2023-52970: MariaDB Server 10.4 through 10.5., 10.6 through 10.6., 10.7 through 10.11.*, 11.0 through 11.0....

MariaDB Server 10.4 through 10.5., 10.6 through 10.6., 10.7 through 10.11., 11.0 through 11.0., and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-52970

CVE-2023-52970:

4.9

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-52970

GHSA ID

GHSA-g8xg-6v3j-w97f

EPSS Score

0.2886%

CWE

CWE-1038

Published

3/9/2025

Updated

3/9/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The primary evidence comes from the Jira issue MDEV-32086, which is directly linked to CVE-2023-52970. The Jira issue includes a stack trace from the crash, explicitly naming 'Item_direct_view_ref::derived_field_transformer_for_where' as the point of failure. The vulnerability description also mentions this function. The MariaDB release notes confirm the fix for MDEV-32086. Although direct commit information is not available through the tools, the Jira issue provides strong evidence for the vulnerable function.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

4.9

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-52970: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0....

CVE-2023-52970:

4.9

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

4.9

4.9

Technical Details

CVE-2023-52970: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0....

CVE-2023-52970: MariaDB Server 10.4 through 10.5., 10.6 through 10.6., 10.7 through 10.11.*, 11.0 through 11.0....

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

CVE-2023-52970: MariaDB Server 10.4 through 10.5., 10.6 through 10.6., 10.7 through 10.11.*, 11.0 through 11.0....